The Samsung Galaxy S8's iris scanner, which unlocks the phone by scanner a user's eyes, can be easily fooled by hackers, the Chaos Computer Club (CCC) wrote in a blog post on Monday.

CCC member starbug demonstrated the method used to unlock the device in a short video posted on Tuesday. The iris scanner works with infrared light, so a picture is taken of the user's face using a digital camera in night mode.

The infrared picture of the user's eye is then printed out on a laser printer. A contact is placed over the eye and it can then be used to unlock the phone.

Being that the iris recognition can also be used with Samsung Pay, this means that hackers could steal money or make fraudulent purchases as well, the post said. Dirk Engling, spokesperson for the CCC, said that traditional methods may be more secure.

"If you value the data on your phone - and possibly want to even use it for payment - using the traditional PIN-protection is a safer approach than using body features for authentication," Engling said in the post.

While the Galaxy S8 is one of the first premium handsets to include iris recognition, the feature could come to many more phones in the future. Engling also noted in the release that a high-resolution picture from the internet could be sufficient to capture a proper iris. So a public social media profile could compromise a Samsung Galaxy S8 user if they were to lose their phone.

The iris scanner wasn't the only biometric security measure the CCC team was able to bypass. In 2013, the team said they were able to bypass Apple's Touch ID as well.

The 3 big takeaways for TechRepublic readers

The Chaos Computer Club recently posted a video showing how they fooled the iris scanner on Samsung's new flagship phone.

The club used a night-mode photo and a contact lens to fool the system and gain access to the device.

The club said that the traditional PIN system for locking one's phone is a safer method than the iris scanner.

Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays